Windows 10 to get disposable sandboxes for dodgy apps

Apps will be run in a virtual machine that's discarded after use.

Microsoft is building a new Windows 10 sandboxing feature that will let users run untrusted software in a virtualized environment that's discarded when the program finishes running.

The new feature was revealed in a bug-hunting quest for members of the Insider program and will carry the name "InPrivate Desktop." While the quest has since been removed, its instructions outlined the basic system requirements (a Windows 10 Enterprise system with virtualization enabled and adequate disk space and memory) and briefly described how it would be used: an InPrivate Desktop app in the Store will present a virtualized desktop in which questionable programs can be run, and that desktop is destroyed when the window is closed.

It would, of course, be possible to create a virtual machine by hand to run software of dubious merit; InPrivate Desktop streamlines and automates that process, making it painless to run things in a disposable environment. There is some integration with the host operating system (the clipboard can be used to transfer data, for example), but the quest gives no further detail, and presumably user data is off limits so that a program run inside cannot steal or encrypt it. That clipboard bridge is also the thing to watch: every channel between the sandbox and the host is a path that data, and potentially an exploit, can take in either direction.

Virtualization already powers a growing number of Windows 10 security features, collectively known as virtualization-based security. Certain sensitive information (with Credential Guard, the domain credentials held by the Local Security Authority) is housed within a virtual machine, so it remains protected from malicious software even if the main operating system is compromised. More recently, Windows Defender Application Guard runs untrusted Edge tabs in a virtual machine. Both of these features originally required Windows 10 Enterprise before later being made available on Windows 10 Pro, too.

The quest also discloses the codename for the feature—"Madrid." Microsoft has used Spanish cities for certain other security-related features: the virtualized Edge tabs were codenamed "Barcelona," and Windows Defender Advanced Threat Protection, the endpoint security and threat analytics system, was "Seville." It also appears that the quest was intended only for Microsoft employees, as it contained certain links that are only accessible to Microsoft staff.

While the quest says that it should work in current preview builds (it needs only build 17718 or newer; the latest public preview is build 17733), the fact that InPrivate Desktop isn't actually available outside Redmond suggests that it is relatively early in development and so might not be part of this autumn's Windows 10 release.

Windows Defender Application Guard showed how hard it is to get a feature like this right: if the virtual machine is too isolated and restricted it becomes difficult to do any useful work in it, but if the integration with the host is too tight the security it provides is eroded. The initial release of Application Guard, for example, made it impossible to download files to the host machine. That provided maximal security but meant there was no way of saving data or otherwise permanently retaining information from the virtualized websites; the latest release now optionally allows such downloads, under administrator policy. InPrivate Desktop will likely require a similar balancing act: it needs to protect the host system, but not to such an extent that it is too inconvenient to bother using.
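The prerequisites above (Enterprise edition, a recent build, hardware virtualization, enough disk and memory) and the virtualization-based security features the article mentions can all be checked from the host before trying a feature like this. The following PowerShell script is an added example written for this page; it is not code from the article, the Insider quest or Microsoft. The free-disk and free-memory thresholds are assumptions (the quest only said "adequate"), and the Application Guard policy key and value names near the end are quoted from memory of the Application Guard group-policy templates and should be verified against the ADMX before relying on them. Run it in an elevated session so the optional-feature and Device Guard queries succeed.

```powershell
<#
  Added example (not from the article, the Insider quest or Microsoft): a read-only
  PowerShell check of the host prerequisites the quest listed for InPrivate Desktop.
  Run elevated; Get-WindowsOptionalFeature and the Device Guard class need it.
#>
param(
    [int]$MinBuild      = 17718,   # minimum preview build named in the quest
    [int]$MinFreeDiskGB = 20,      # assumption: the quest only said "adequate"
    [int]$MinFreeMemGB  = 4        # assumption: the quest only said "adequate"
)

$r = [ordered]@{}

# Edition and build. The quest required Windows 10 Enterprise and build 17718 or newer.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$r['Edition']      = $os.Caption
$r['Build']        = [int]$os.BuildNumber
$r['BuildOK']      = [int]$os.BuildNumber -ge $MinBuild
$r['EnterpriseOK'] = $os.Caption -match 'Enterprise'

# CPU virtualization and whether a hypervisor is already running. Once Hyper-V is on,
# Windows itself runs as a partition under it and Win32_Processor no longer reports the
# firmware VT-x bit, so only trust VirtualizationFirmwareEnabled when no hypervisor is present.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$r['HypervisorRunning']   = [bool]$cs.HypervisorPresent
$r['SLAT']                = [bool]$cpu.SecondLevelAddressTranslationExtensions
$r['VirtualizationReady'] = [bool]$cs.HypervisorPresent -or [bool]$cpu.VirtualizationFirmwareEnabled

# Windows features behind this kind of sandbox. HypervisorPlatform is the API that lets
# third-party hypervisors coexist with Hyper-V instead of competing with it for VT-x.
foreach ($f in 'Microsoft-Hyper-V-Hypervisor', 'Windows-Defender-ApplicationGuard', 'HypervisorPlatform') {
    try   { $r[$f] = (Get-WindowsOptionalFeature -Online -FeatureName $f -ErrorAction Stop).State }
    catch { $r[$f] = 'unknown (run elevated)' }
}

# Virtualization-based security: the mechanism that keeps Credential Guard secrets out of
# reach of a compromised OS. Values are absent on hosts where VBS is not configured.
try {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $r['VBSStatus']              = $dg.VirtualizationBasedSecurityStatus
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    $r['CredentialGuardRunning'] = [bool]($dg.SecurityServicesRunning -contains 1)
    $r['HVCIRunning']            = [bool]($dg.SecurityServicesRunning -contains 2)
} catch { $r['VBSStatus'] = 'unavailable' }

# Disk and memory. Win32_OperatingSystem reports FreePhysicalMemory in kilobytes.
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$r['FreeDiskGB'] = [math]::Round($disk.FreeSpace / 1GB, 1)
$r['FreeMemGB']  = [math]::Round(($os.FreePhysicalMemory * 1KB) / 1GB, 1)
$r['DiskOK']     = $r['FreeDiskGB'] -ge $MinFreeDiskGB
$r['MemOK']      = $r['FreeMemGB']  -ge $MinFreeMemGB

# Application Guard host-integration policy, the isolation/usability trade-off the article
# describes. Key and value names are an assumption to verify against the Application Guard
# ADMX; a missing value simply means "not configured" (the feature default applies).
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'
$r['WDAG_SaveFilesToHost'] = (Get-ItemProperty -Path $pol -Name SaveFilesToHost `
                                -ErrorAction SilentlyContinue).SaveFilesToHost
$r['WDAG_Clipboard']       = (Get-ItemProperty -Path $pol -Name AppHVSIClipboardSettings `
                                -ErrorAction SilentlyContinue).AppHVSIClipboardSettings

if ($cs.HypervisorPresent) {
    Write-Warning 'Hyper-V is active: VMware Workstation/VirtualBox guests get no direct VT-x unless they run on the Windows Hypervisor Platform.'
}

[pscustomobject]$r | Format-List
```

The warning at the end reflects the coexistence problem discussed in the comments below: once the Hyper-V hypervisor is launched at boot, Windows itself runs as a partition under it and other hypervisors cannot take the virtualization extensions for themselves; the Windows Hypervisor Platform feature is the route Microsoft provides for them to run on top of Hyper-V instead.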

100 Reader Comments

This sounds really cool, in theory. If it works flawlessly, I would love to be able to run almost everything through virtualized environments. Just as long as we can pick what gets run there. I don't need Skyrim to get launched in a virtual environment that will hold back all my mods.

This sounds promising, but I don't think it will be able to strike a balance without customization options. If I can set up which parts of the file system it can read/write I should be able to run Origin again, for instance. I can think of a few examples...

Mind you, if this requires having Hyper-V enabled, then you won't be able to use it if you're running VMware Workstation or Player on that machine.

It almost certainly will.

The Hyper-V/VMware Workstation incompatibility is something that I'd really like to see solved. I'm not sure which company bears the greater share of the blame, but it's obnoxious. Is it too much to ask that I be able to use the same system to build a phone app in Visual Studio and connect to a VM on an ESXi host at work?

Basically it's Microsoft's fault: when Hyper-V is enabled then the whole operating system runs inside it, which prevents any other VM programs from running. There's a new platform/API that should let VM programs targeting it function again, but I don't think either VirtualBox or VMware yet target it.

edit: to be more precise, Hyper-V stops other VM programs from using VT-x instructions. I could still run a VirtualBox VM, but I'd be limited to a 32-bit guest OS.

The world is quickly changing. Instead of everything running in the software 'virtual machine' of a process with system calls, applications are running in their own container or a throw-away full hardware virtual machine.

If it can get direct access to USB, then this sounds like the perfect solution for Razer's Synapse software. I would love to load that crapfest in an environment that gets completely destroyed once I close it. Suppose it would also need to support running the absurd number of windows services Synapse "needs" also.

Why isn't this the default for every app? Apps should be isolated from one another and from user data unless explicitly allowed otherwise.

Because applications have built-in interactions with other parts of the system/OS. Assuming it's a hyper-v instance on-demand, you wouldn't be able to open or save any documents to the local drives. You wouldn't be able to pop any notifications to the Action Center. Video drivers.

Nice, that's the first new feature of Windows that seems a good addition to my normal use in a very long time.

Now, why don't you add a new format to the .exe and .dll standards so that they can contain agnostic binaries that get recompiled to your own architecture (like UWP can do)? I would like to see more competition (ARM, MIPS, Power, ...) coming to our PCs without a serious emulation handicap.

All "apps" probably should go into sandboxes by default. The kind of software that needs access to all the same data (Office, Explorer, Development software, etc.) wouldn't likely be an app for most people today.

The main thing that I feel my software needs shared access to would be my Documents. The appdata for each app could easily be sandboxed, and the Documents access could require elevation to get to. Rarely anymore do programs need to write to Program Files, Windows, or access the root of the drive. They need read access to some of those locations but usually only to load libraries or other files that could go into a virtual Windows/Program Files store for the program.

This is a big thing right here. The fact that applications are allowed to make so many changes to a system without a user easily being able to back out the changes. Obfuscated registry entries, obfuscated files in %AppData%, files in multiple directories, etc.

It has frustrated me for decades on Windows (and bleeding over into other OSes as well) that an application has the ability to access more than its own Application folder and a User Data folder (of the user's choosing).

It should not be difficult to erase all traces of a program from a system when I am done using it and choose to uninstall, but there seems to be an unlimited amount of cruft left over, even with "proper" uninstallers.

Maybe in Windows 11... I would vastly prefer if apps could not use the registry and instead had to rely on a virtual registry file located in the appdata folder, which is XML-based or something.

If libraries are needed a set of system approved shared libraries could be maintained, and updated as needed by applications needing to use them (by downloading from the approved MS source, and removed once the application that hardlinked to it disappears). But generally, I think it would be simpler and better just to have a copy of the shared libraries included in each app bundle. Why should any application be able to add libraries to the system folder, to be used by other applications that assume it's safe, when it might be a rogue copy of that dll?

Interesting. I was actually thinking something along those lines would be nice for testing firewall implementations and rules just earlier this morning; the article from this morning got me thinking about firewalls for IoT devices, and creating a virtualized sandbox would allow you to test allowed/disallowed ports for functionality before rolling it out to your live environment.